Download.Trojan among other things....

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by themagikwand, Mar 1, 2006.

  1. themagikwand

    themagikwand Private E-2

    Hello Guys/Gals

    I've recently discovered that my current workstation is under attack from multiple threats. After running Symantec Security Check on a whim (we already have a full version of continually updated Trend Micro PC-cillin) I found that over 70 files have been infected with a trojan/virus named Download.Trojan. It seems to be slowing the computer down significantly, and I am unsure of what it can do long term. After looking at both the Symantec and Trend Micro sites, and getting nowhere at all, I decided to come here for help.

    I have taken all of your steps as listed on the sticky. Ad-aware, Spybot, CCleaner, CWS Shredder, MS Defender and MS Trojan Removal Tool are all installed and updated. I ran Adaware, Spybot, CCleaner, CWS Shredder, and the MS Trojan removal tool without incident (well nothing major just random cookies, trackers, etc...). After those steps my luck seemed to change.

    When I ran MS Defender it came across a file called SearchExtender (it even sounds dirty) and had an error when it tried to remove it (Failed, 0x80004005 Unspecified Error). I tried to run it again, and the same exact thing happened. I went to the next step.

    Another problem I had: neither of the Online Virus Scans could be run in safe mode. For some unknown reason Windows refuses to pick up my DSL line in safe mode; I'm not sure if it's a malware issue or if Windows just doesn't like me. I have attached the results of the scans, along with a HijackThis log (after I deleted the entries I was comfortable with while reading the HJT How-To).

    I am posting this because A) I am unsure if the virus is completely gone, B) I am unsure if Download.Trojan is the only thing affecting my computer, C) Trend Micro over-the-phone support, although 100% free, is also 100% worthless, and D) I've tried all of the methods listed in the Sticky Threads and feel this is the last option.

    If you have any suggestions, comments, or just want to yell at me for no particular reason, feel free. I'm just gonna be waiting around until someone responds anyway.

    Computer Info: 2.40 GHz Pentium 4 - 512 MB RAM - Win XP Home Edition - Service Pack 2 up to date - Trend Micro Antivirus 2006

    PS The attachments are from HijackThis, BitDefender, ActiveScan, and Symantec Security Check (not recommended by you guys, but it initially caught the virus....)
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Empty the Trend Micro Quarantine.

    Your HijackThis log appears to be from Safe Mode, I need one from Normal Mode.

    In Safe Mode, open Windows Explorer, Navigate to and delete the following:
    Post a fresh HijackThis log from Normal Mode.
     
  3. themagikwand

    themagikwand Private E-2

    Shadow,

    Thanks for the response. I've been trying to get rid of this for the last 2 days and my limited knowledge has not gotten me anywhere. I ran HJT again, this time in standard Windows mode, and have the log attached to this post.

    Also, of all the files listed, only 1 was on my system - C:\Documents and Settings\Winxph\Local Settings\Temp\se.dll. I'm not sure if that's a good thing or a bad thing.

    Eternally (yes forever) Grateful
    Bud
     
  4. themagikwand

    themagikwand Private E-2

    Perhaps I should have actually attached the file instead of just saying I was going to ...
     


  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I noticed there is an older version of Java on this computer. You should update Java to the latest version.

    Do you know what this link is for: O4 - HKLM\..\Run: [dsl logon] "C:\Documents and Settings\All Users\Desktop\ONLINE.lnk"

    It would appear on all Desktops. If not, scan with HijackThis and fix that line.

    Other than the above your HijackThis log is clean.
     
  6. themagikwand

    themagikwand Private E-2

    Shadow,

    That link connects our computer to our DSL line. It does exist on all User Desktops, and when the computer starts up a "Connecting to DSL" message does appear.

    I did not set up the network connection here, nor have I ever used a DSL line, so I do not know if it is normal for the connection to take 10 seconds to establish (since cable is just instant on). For those 10 seconds the computer usage spikes to around 100% and I wouldn't even think about trying to open a program or document.

    I will update Java after posting.

    Thanks again,
    Bud
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I asked because a file with the name ONLINE.lnk is sometimes associated with a few different forms of malware.

    The amount of time it takes for your DSL to connect would depend on whether you are using a software connection or a hardware connection. If the DSL modem is connected to the USB port then it is most likely a software connection, and that would explain the spike in CPU usage when you first connect. I prefer hardware connections. That is, connecting the DSL modem to the NIC, and configuring the system to connect to the Internet via the LAN.
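
The O4 autorun line questioned in this thread can be triaged mechanically. The following is an added example, not part of any post above and not HijackThis's own logic: it parses registry-style O4 lines and lists reasons an entry deserves a manual look. The reason heuristics and every sample line except the first (quoted from the thread) are assumptions constructed for illustration, and a flagged entry, like the DSL shortcut here, can still turn out to be legitimate.

```python
import re
from ntpath import splitext

# HijackThis O4 registry autorun line: O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Extensions used to find the end of an unquoted path that contains spaces.
EXT_RE = re.compile(r'(.+?\.(?:exe|dll|lnk|bat|cmd|scr|com|pif|vbs))(?:\s|$)', re.I)

def target_of(cmd):
    """Return the program path from an autorun command, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]

def review_o4(line):
    """Parse one O4 line; return None when the line is not a registry O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = target_of(m['cmd'])
    low = path.lower()
    reasons = []
    if splitext(low)[1] == '.lnk':      # Run values normally name a program
        reasons.append('shortcut target')
    if '\\temp\\' in low:               # user-writable scratch directory
        reasons.append('temp directory')
    if '\\desktop\\' in low:            # user-writable, unusual for autoruns
        reasons.append('desktop location')
    return {'hive': m['hive'], 'key': m['key'], 'name': m['name'],
            'path': path, 'reasons': reasons}

# First entry is quoted from the thread; the rest are constructed samples.
SAMPLE = [
    r'O4 - HKLM\..\Run: [dsl logon] "C:\Documents and Settings\All Users\Desktop\ONLINE.lnk"',
    r'O4 - HKLM\..\Run: [agent] "C:\Program Files\ExampleVendor\agent.exe" -start',
    r'O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\example.exe /background',
    'Running processes:',
]

def flagged(lines):
    """Return {entry name: reasons} for O4 entries with at least one reason."""
    parsed = (review_o4(l) for l in lines)
    return {e['name']: e['reasons'] for e in parsed if e and e['reasons']}

if __name__ == '__main__':
    for name, reasons in flagged(SAMPLE).items():
        print(f'{name}: review ({", ".join(reasons)})')
```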
     
